nabilfeghali

ID Verification - Integration with Mobile Application

0 votes

Dear Support Team,

We have tried the REST API of the Identity Verification Rapid POC, and we was able to generate a transaction HTTP URL and we opened it from the Chrome Browser of an Android device and completed the transaction successfully, now we need to integrate the IDV within the onboarding screen of our mobile application, so please could you provide your feedback and suggestions on the below inquiries :

1- how we can integrate the IDV within our mobile application ? is it by redirecting to the mobile default browser to open the transaction URL (https://gs.onespan.cloud/rpoc-saa/sales/#/esign/{transaction_id}?access_token={access_token}) ? is this the only possible way ? knowing that it's not user friendly to switch from our mobile app to the device browser. 

2- do you have a native mobile SDK / native plugin (Android and IOS) that we can integrate with our mobile app to open the IDV transaction from within our mobile app and complete the transaction (taking capture of national id doc then a face capture with smile ). Noting that we are using Ionic Framework in our mobile app, so if you have a Cordova Plugin then we can integrate it and call it from our app to open and complete the transaction. Or if you have an Angular Library / Javascript Library to perform the same so we can call it. Please could you feedback if you support one of the aforementioned options ?

3- we have tried to open the IDV Transaction URL inside an iframe and we failed due to the security limitation of the 'X-Frame-Options' set to 'sameorigin'. It has been mentioned in latest release August 2021 (Version 2021-R3), is it possible to modify/remove this restriction?

4- we have tried to open the IDV Transaction URL from an inappbrowser embedded inside our Ionic mobile app (by using the following cordova plugin https://github.com/apache/cordova-plugin-inappbrowser) but we have faced the following stopper exception "Unsupported Device , No camera found Please enable your camera or use another device" knowing that we have granted access to the camera (this.androidPermissions.PERMISSION.CAMERA) before opening the inappbroser, so we need to know from your side if you are checking on other permissions to be enabled from the browser , do we have to provide specific access/permissions to the browser ? or if you are supporting specific browsers and blocking the URL on some types/models of browsers  ? 

5- Are we obliged to complete the transaction only by opening the URL from a browser ? can't we collect data like document capture and selfie capture from our mobile app and then to call your IDV REST API to complete transaction by providing the images captured from our app ? for sure we will loose some feature related to liveness detection but on the other hand will integrate with you by REST Webservices call only without the need to redirect and complete the flow from the browser.

6- Can we have a separate IDV REST Webservice for OCR and Document Capture Verification only, without the Selfie / Smile Face Capture. So it will be called from our mobile app where we will provide the national id image as input parameter and expecting to receive in response the  validation scoring and fields / values extracted from the capture ? This service is the first part (Document Capture) of the IDV workflow, and we are asking if we can consume it from REST API (if available) without opening a browser and providing the transaction URL. the business advantage is that we can apply OCR Parsing and Document validation through IDV REST API automatically without the need of generating a Transaction URL so no need for human/customer intervention.

7- We have a concern in the list of supported browsers mentioned in the latest release note Version 2021-R3, for example it's mentioned that on Android mobile device, only Chrome is supported however we was confused because we tested on FireFox installed on Android and the URL worked, while the URL failed on Dolphin browser on Android. Please could we have detailed list of supported browsers ?

8- Can we customize the look & feel of OneSpan IDV Transaction URL ? Changing the theme/css/style of the UI to be compatible with the look & feel of our mobile app ?

Thank You ,

Nabil, 

 

 

 

 


Reply to: ID Verification - Integration with Mobile Application

0 votes
  1. How we can integrate the IDV within our mobile application ? is it by redirecting to the mobile default browser to open the transaction URL (https://gs.onespan.cloud/rpoc-saa/sales/#/esign/{transaction_id}?access_token={access_token}) ? is this the only possible way ? knowing that it's not user friendly to switch from our mobile app to the device browser. 

Using the web browser is the recommended approach.  We have seen some customers use the webkit within an app to handle the requests directly, however, this is not officially supported from our product support group.

  1. do you have a native mobile SDK / native plugin (Android and IOS) that we can integrate with our mobile app to open the IDV transaction from within our mobile app and complete the transaction (taking capture of national id doc then a face capture with smile ). Noting that we are using Ionic Framework in our mobile app, so if you have a Cordova Plugin then we can integrate it and call it from our app to open and complete the transaction. Or if you have an Angular Library / Javascript Library to perform the same so we can call it. Please could you feedback if you support one of the aforementioned options ?

We currently do not have a native mobile, js, or 3rd party library SDK for our IDV solution.  It is on our roadmap, but I do not have a date for release yet.

  1. we have tried to open the IDV Transaction URL inside an iframe and we failed due to the security limitation of the 'X-Frame-Options' set to 'sameorigin'. It has been mentioned in latest release August 2021 (Version 2021-R3), is it possible to modify/remove this restriction?

For security reasons, we are not able to modify this in the demo/rapid proof of concept environment.  I will check what is possible in the UAT and PRD environments and get back with you.

  1. we have tried to open the IDV Transaction URL from an in-app browser embedded inside our Ionic mobile app (by using the following cordova plugin https://github.com/apache/cordova-plugin-inappbrowser) but we have faced the following stopper exception "Unsupported Device , No camera found Please enable your camera or use another device" knowing that we have granted access to the camera (this.androidPermissions.PERMISSION.CAMERA) before opening the in-app browser, so we need to know from your side if you are checking on other permissions to be enabled from the browser , do we have to provide specific access/permissions to the browser ? or if you are supporting specific browsers and blocking the URL on some types/models of browsers  ? 

Since this is done within the webkit, it is actually a different type of permission.  You will need to accept the permissions to access the camera through the browser permission set, which is different than the application permission set.  I have upload some sample code that I have previously used to give you some help, please remember this is just sample code, and using a webkit is still not officially support by product support, the only officially support mechanism is directly through a web browser.

  1. Are we obliged to complete the transaction only by opening the URL from a browser ? can't we collect data like document capture and selfie capture from our mobile app and then to call your IDV REST API to complete transaction by providing the images captured from our app ? for sure we will loose some feature related to liveness detection but on the other hand will integrate with you by REST Webservices call only without the need to redirect and complete the flow from the browser.

Currently the images must be captured through the workflow.  As you can see in the sample code there is the possibility of overriding this and allowing the user to upload an image as well, but it is still done through the workflow.  It is our recommendation, for security reasons, that the user be required to take a picture through the workflow only, so that the security checks can be done against the live image as the photo is being taken.

  1. Can we have a separate IDV REST Webservice for OCR and Document Capture Verification only, without the Selfie / Smile Face Capture. So it will be called from our mobile app where we will provide the national id image as input parameter and expecting to receive in response the  validation scoring and fields / values extracted from the capture ? This service is the first part (Document Capture) of the IDV workflow, and we are asking if we can consume it from REST API (if available) without opening a browser and providing the transaction URL. the business advantage is that we can apply OCR Parsing and Document validation through IDV REST API automatically without the need of generating a Transaction URL so no need for human/customer intervention.

In the next release of the Demo and Rapid POC environment, we will be introducing a document capture only workflow.  This will allow for capturing and processing, including data extraction, for the document component only.  It will still work like the other workflows, only it will not ask for facial capture.  It is currently already available in our Professional Services Fast Track packages which are available through the sales group.

  1. We have a concern in the list of supported browsers mentioned in the latest release note Version 2021-R3, for example it's mentioned that on Android mobile device, only Chrome is supported however we was confused because we tested on FireFox installed on Android and the URL worked, while the URL failed on Dolphin browser on Android. Please could we have detailed list of supported browsers ?

We officially only support the Chrome browser.  Other browsers and webkits may work, but they are not officially supported by the product support team.

  1. Can we customize the look & feel of OneSpan IDV Transaction URL ? Changing the theme/css/style of the UI to be compatible with the look & feel of our mobile app ?

Yes we can.  We have the ability use custom font, custom logo image and hero image (welcome image), and to customize the colors of particular workflow objects, and even modify the translation of certain phrases.  In order to do this, please send me a private email and I will send you the instructions to get started, [email protected]

Will LaSala

Sr. Director of Global Solutions, Security Evangelist

M: +1 978 666 4495 
O: +1 508 281 6670 x. 6326

[email protected]

OneSpan, Inc.

VASCO and eSignLive are now OneSpan. 
See our transformation at 
www.onespan.com


Reply to: ID Verification - Integration with Mobile Application

0 votes

I noticed the sample code does not appear to have uploaded and my font is very large, I have alerted the community team to have a look.  I have also attached the sample code to this post as well.

Will LaSala

Sr. Director of Global Solutions, Security Evangelist

M: +1 978 666 4495 
O: +1 508 281 6670 x. 6326

[email protected]

OneSpan, Inc.

VASCO and eSignLive are now OneSpan. 
See our transformation at 
www.onespan.com


Attachments

Reply to: ID Verification - Integration with Mobile Application

0 votes

Thank you Will for you quick reply, we will check the attached code get back to you,

Thanks,

Nabil.


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off